PaulDotCom mailing list archives
Re: HTTP GETs with a PUT
From: Jim Halfpenny <jim.halfpenny () gmail com>
Date: Mon, 29 Oct 2012 08:04:54 +0000
Other questions spring to mind. How do servers deal with query strings or posted data? What about other less used HTTP methods? My gut feeling is that it would be treated like a GET request, time for some testing. Jim On Oct 29, 2012 12:04 AM, "allison nixon" <elsakoo () gmail com> wrote:
If this is true, it will be a very effective IDS evasion technique. Not sure how WAFs will react but many ids signatures do indeed look for GET/POST and not PUT. I'll test this against some WAFs and see what happens, next time im at work. On Sun, Oct 28, 2012 at 11:35 AM, Robin Wood <robin () digininja org> wrote:I've just been tidying up my tools and found a script which checks which HTTP methods are enabled on a given site. I ran it against my site and it said PUT is enabled. I know that it isn't so I manually tested it and proved it wasn't enabled. I checked what it was actually sending and it was trying to PUT to / so I tried that and got a 200 back along with the content of my index page. I tried again with another page and got the content of that page. So for some reason PUT is acting as a GET for pages which exist, I checked OPTIONS and that is doing the same both of them only work with HTTP 1.1, not 1.0. I've tried a few sites, apache.org, pauldotcom.com and microsoft.com all fail but php.net gives back the content. nc php.net 80 PUT / HTTP/1.1 Host: php.net HTTP/1.1 200 OK Date: Sun, 28 Oct 2012 15:30:30 GMT . . . If this common it might be a nice way to bypass IDS that are looking for GET or HEAD methods or to bypass restrictions which lock out those two methods. Comments? Robin _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- _________________________________ Note to self: Pillage BEFORE burning. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- HTTP GETs with a PUT Robin Wood (Oct 28)
- Re: HTTP GETs with a PUT allison nixon (Oct 28)
- Re: HTTP GETs with a PUT Jim Halfpenny (Oct 29)
- Re: HTTP GETs with a PUT Robin Wood (Oct 29)
- Re: HTTP GETs with a PUT Ryan Dewhurst (Oct 29)
- Re: HTTP GETs with a PUT anthony kasza (Oct 28)
- Re: HTTP GETs with a PUT Robin Wood (Oct 29)
- Re: HTTP GETs with a PUT allison nixon (Oct 28)